Skip to main content

Generic construction of an \(\mathrm {eCK}\)-secure key exchange protocol in the standard model


LaMacchia, Lauter and Mityagin presented a strong security model for authenticated key agreement, namely the \(\mathrm {eCK}\) model. They also constructed a protocol, namely the NAXOS protocol, that enjoys a simple security proof in the \(\mathrm {eCK}\) model. However, the NAXOS protocol uses a random oracle-based technique to combine the long-term secret key and the per session randomness, so-called NAXOS trick, in order to achieve the \(\mathrm {eCK}\) security definition. For NAXOS trick-based protocols, the leakage of per session randomness modeled in the \(\mathrm {eCK}\) model is somewhat unnatural, because the \(\mathrm {eCK}\) model leaks per session randomness, while the output of the NAXOS trick computation remains safe. In this work, we present a standard model \(\mathrm {eCK}\)-secure protocol construction, eliminating the NAXOS trick. Moreover, our protocol is a generic construction, which can be instantiated with arbitrary suitable cryptographic primitives. Thus, we present a generic \(\mathrm {eCK}\)-secure, NAXOS-free, standard model key exchange protocol. To the best of our knowledge this is the first paper on generic transformation of a \(\mathrm {CCA2}\)-secure public-key encryption scheme to an \(\mathrm {eCK}\)-secure key exchange protocol in the standard model.

This is a preview of subscription content, access via your institution.


  1. Alawatugoda, J., Stebila, D., Boyd, C.: Modelling after-the-fact leakage for key exchange. In: 9th ACM Symposium on Information, Computer and Communications Security (ASIA CCS’14), Kyoto, Japan, June 03–06, 2014, pp. 207–216 (2014)

  2. Alawatugoda, J., Stebila, D., Boyd, C.: Continuous after-the-fact leakage-resilient eck-secure key exchange. In: Proceedings of the Cryptography and Coding—15th IMA International Conference (IMACC 2015), Oxford, UK, December 15–17, 2015, pp. 277–294 (2015)

  3. Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: CRYPTO, pp. 26–45 (1998)

  4. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: CRYPTO, pp. 232–249 (1993)

  5. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Ashby, V. (ed.) ACM CCS 93, pp. 62–73. ACM Press, New York City (1993)

    Chapter  Google Scholar 

  6. Bellare, M., Rogaway, P.: Provably Secure Session Key Distribution—The Three Party Case. ACM Press, New York City (1995)

    MATH  Google Scholar 

  7. Boyko, V., MacKenzie, P., Patel, S.: Provably secure password-authenticated key exchange using Diffie–Hellman. In: Proceedings of the 19th International Conference on Theory and Application of Cryptographic Techniques (EUROCRYPT’00), pp. 156–171. Springer, Berlin (2000)

  8. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: EUROCRYPT, pp. 453–474 (2001)

  9. Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO’98, volume 1462 of LNCS, pp. 13–25. Springer, Berlin (1998)

    Google Scholar 

  10. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theory 22, 644–654 (1976)

  11. Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Des. Codes Cryptogr. 2(2), 107–125 (1992)

    Article  MathSciNet  Google Scholar 

  12. Dziembowski, S., Faust, S.: Leakage-resilient cryptography from the inner-product extractor. In: ASIACRYPT, pp. 702–721 (2011)

  13. Halevi, S., Lin, H.: After-the-fact leakage in public-key encryption. In: Theory of Cryptology Conference, pp. 107–124 (2011)

  14. Jablon, D.P.: Strong password-only authenticated key exchange. SIGCOMM Comput. Commun. Rev. 26(5), 5–26 (1996)

    Article  Google Scholar 

  15. Katz, J., Lindell, Y.: Introduction to Modern Cryptography. Chapman and Hall/CRC Press, Boca Raton (2007)

    MATH  Google Scholar 

  16. Kim, M., Fujioka, A., Ustaoglu, B.: Strongly secure authenticated key exchange without naxos’ approach. In: Proceedings of the Advances in Information and Computer Security, 4th International Workshop on Security, IWSEC 2009, Toyama, Japan, October 28–30, 2009, pp. 174–191 (2009)

  17. LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: ProvSec, pp. 1–16 (2007)

  18. Moriyama, D., Okamoto, T.: An eck-secure authenticated key exchange protocol without random oracles. In: Proceedings of the Provable Security, Third International Conference, ProvSec 2009, Guangzhou, China, November 11–13, 2009, pp. 154–167 (2009)

  19. Moriyama, D., Okamoto, T.: Leakage resilient eCK-secure key exchange protocol without random oracles. In: ASIACCS, pp. 441–447 (2011)

  20. Naor, M., Segev, G.: Public-key cryptosystems resilient to key leakage. In: CRYPTO, pp. 18–35 (2009)

  21. Ustaoglu, B.: Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS. Des. Codes Cryptogr. 46(3), 329–342 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  22. Yang, Z.: Efficient eck-secure authenticated key exchange protocols in the standard model. In: Proceedings of the Information and Communications Security—15th International Conference (ICICS 2013), Beijing, China, November 20–22, 2013, pp. 185–193 (2013)

Download references


I would like to acknowledge Colin Boyd, Douglas Stebila and Tatsuaki Okamoto for valuable discussions on authenticated key exchange protocols. Moreover, I am grateful to the handling editor Sherman S. M. Chow and the two anonymous reviewers for their valuable comments to polish-up the paper. Further, I am supported by the National Research Council (NRC), Sri Lanka Postdoctoral Fellowship grant NRC 16-020.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Janaka Alawatugoda.

Rights and permissions

Reprints and Permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Alawatugoda, J. Generic construction of an \(\mathrm {eCK}\)-secure key exchange protocol in the standard model. Int. J. Inf. Secur. 16, 541–557 (2017).

Download citation

  • Published:

  • Issue Date:

  • DOI: